CHANGES.txt: Catch up.
Showing with 1 addition and 0 deletions
|...||...||@@ -4,6 +4,7 @@|
|* Accept user certificates signed by non-current CA.|
|* Name CA certificates after their AuthorityKeyIdentifier keyid extension instead of their serial.|
|* Produce one CRL per CA certificate, as some ssl-using services fail when there is no CRL signed by the same CA as the certificate being validated.|
|* Fix trust anchor distribution during CA renewal period: the correct trust anchor is the oldest still-valid CA.|